adds model Finding_Template to the API.

grendel513 · grendel513 · commit 67202edcb200 · 2016-11-07T13:15:19.000-06:00
diff --git a/dojo/api.py b/dojo/api.py
@@ -10,9 +10,9 @@
 from tastypie.validation import CleanedDataFormValidation
 
 from dojo.models import Product, Engagement, Test, Finding, \
-    User, ScanSettings, IPScan, Scan, Stub_Finding, Risk_Acceptance
+    User, ScanSettings, IPScan, Scan, Stub_Finding, Risk_Acceptance, Finding_Template
 from dojo.forms import ProductForm, EngForm2, TestForm, \
-    ScanSettingsForm, FindingForm, StubFindingForm
+    ScanSettingsForm, FindingForm, StubFindingForm, FindingTemplateForm
 
 """
     Setup logging for the api
@@ -420,7 +420,7 @@ class FindingResource(BaseModelResource):
     class Meta:
         resource_name = 'findings'
         queryset = Finding.objects.select_related("test")
-        # deleting of findings is not allowed via UI or API.
+        # deleting of findings is not allowed via API.
         # Admin interface can be used for this.
         list_allowed_methods = ['get', 'post']
         detail_allowed_methods = ['get', 'post', 'put']
@@ -458,6 +458,55 @@ def dehydrate(self, bundle):
             "/api/v1/products/%s/" % engagement[0].product.id
         return bundle
 
+"""
+    /api/v1/finding_templates/
+    GET [/id/], DELETE [/id/]
+    Expects: no params or test_id
+    Returns test: ALL or by test_id
+    Relevant apply filter ?active=True, ?id=?, ?severity=?
+
+    POST, PUT [/id/]
+    Expects *title, *severity, *description, *mitigation, *impact,
+    *endpoint, *test, cwe, active, false_p, verified,
+    mitigated, *reporter
+
+"""
+
+
+class FindingTemplateResource(BaseModelResource):
+
+    class Meta:
+        resource_name = 'finding_templates'
+        queryset = Finding_Template.objects.all()
+        excludes= ['numerical_severity']
+        # deleting of Finding_Template is not allowed via API.
+        # Admin interface can be used for this.
+        list_allowed_methods = ['get', 'post']
+        detail_allowed_methods = ['get', 'post', 'put']
+        include_resource_uri = True
+        """
+        title = models.TextField(max_length=1000)
+    cwe = models.IntegerField(default=None, null=True, blank=True)
+    severity = models.CharField(max_length=200, null=True, blank=True)
+    description = models.TextField(null=True, blank=True)
+    mitigation = models.TextField(null=True, blank=True)
+    impact = models.TextField(null=True, blank=True)
+    references = models.TextField(null=True, blank=True, db_column="refs")
+    numerical_severity
+    """
+        filtering = {
+            'id': ALL,
+            'title': ALL,
+            'cwe': ALL,
+            'severity': ALL,
+            'description': ALL,
+            'mitigated': ALL,
+        }
+        authentication = DojoApiKeyAuthentication()
+        authorization = DjangoAuthorization()
+        serializer = Serializer(formats=['json'])
+        validation = CleanedDataFormValidation(form_class=FindingTemplateForm)
+
 
 class StubFindingResource(BaseModelResource):
     reporter = fields.ForeignKey(UserResource, 'reporter', null=False)
diff --git a/dojo/models.py b/dojo/models.py
@@ -687,7 +687,7 @@ class Finding_Template(models.Model):
     mitigation = models.TextField(null=True, blank=True)
     impact = models.TextField(null=True, blank=True)
     references = models.TextField(null=True, blank=True, db_column="refs")
-    numerical_severity = models.CharField(max_length=4, null=True, blank=True)
+    numerical_severity = models.CharField(max_length=4, null=True, blank=True, editable=False)
 
     SEVERITIES = {'Info': 4, 'Low': 3, 'Medium': 2,
                   'High': 1, 'Critical': 0}
@@ -870,6 +870,7 @@ def save(self, *args, **kwargs):
 auditlog.register(Product)
 auditlog.register(Test)
 auditlog.register(Risk_Acceptance)
+auditlog.register(Finding_Template)
 
 # Register tagging for models
 tag_register(Product)
diff --git a/dojo/urls.py b/dojo/urls.py
@@ -6,7 +6,7 @@
 from dojo import views
 from dojo.ajax import StubFindingResource as ajax_stub_finding_resource
 from dojo.api import UserResource, ProductResource, EngagementResource, \
-    TestResource, FindingResource, ScanSettingsResource, ScanResource, StubFindingResource
+    TestResource, FindingResource, ScanSettingsResource, ScanResource, StubFindingResource, FindingTemplateResource
 from dojo.development_environment.urls import urlpatterns as dev_env_urls
 from dojo.endpoint.urls import urlpatterns as endpoint_urls
 from dojo.engagement.urls import urlpatterns as eng_urls
@@ -34,6 +34,7 @@
 v1_api.register(EngagementResource())
 v1_api.register(TestResource())
 v1_api.register(FindingResource())
+v1_api.register(FindingTemplateResource())
 v1_api.register(ScanSettingsResource())
 v1_api.register(ScanResource())
 v1_api.register(StubFindingResource())
